Protocols/ports allowed to the following destination hostnames as outlined in the table below:

Feature

Protocol

Ports

Destination

Remote Support

tcp

443

ep1.qumulo.com

Log Uploads

tcp

443

monitor.qumulo.com

IMPORTANT! If your company has an intrusion detection device or firewall that performs SSL/HTTPS Deep Packet Inspection, you will need to add an exception for the ep1.qumulo.com IP address. Run the command below on your cluster to identify the IP address for ep1.qumulo.com:

nslookup ep1.qumulo.com

DETAILS

Remote Support allows access to your cluster so that Qumulo Care can troubleshoot and resolve problems remotely. Using a secure VPN connection accessed only by Qumulo, the following information is available to an authorized Qumulo Care team member to provide help when you need it the most.

Cluster name and number of nodes

Performance and capacity statistics

Notification of hardware and software issues

Configuration data including users, groups, shares and exports

Logs, stack traces, and core dumps

IMPORTANT! Customer data cannot be accessed.

Remote Support relies on a VPN connection from your cluster to a server accessed only by Qumulo using industry standard authentication and encryption. To secure this connection, VPN Keys are installed on each Qumulo node in /etc/openvpn at initial installation. Once Remote Support is enabled on your cluster, an authorized member of the Qumulo Care team can open a connection to your cluster via the openvpn tunnel that is closed by default. This connection will remain established for a fixed period of four hours or can be modified per customer security requirements if necessary.

ENABLE AND DISABLE REMOTE SUPPORT

Qumulo Core Web UI

Hover over the Support menu and click Qumulo Care

Click the Edit button for Remote Support

Enable Remote Support by selecting Yes or disable Remote Support by selecting No

Click Save

Once enabled, Remote Support will display as Connected on the Qumulo Care page.

QQ CLI

To enable via the qq CLI, run the following command from a node:

qq set_monitoring_conf --vpn-enabled

Run the command below to disable Remote Support:

qq set_monitoring_conf --vpn-disabled

Lastly, verify the cluster's support configuration by using the following command:

Authorized Qumulo Care support team member will activate openvpn connection creating a tunnel from the customer Qumulo cluster to ep1.qumulo.com server

Qumulo Care support team member will initiate ssh from Qumulo HQ to ep1.qumulo.com server

Qumulo Care support team member will initiate ssh via established openvpn tunnel from ep1.qumulo.com to customer cluster

Qumulo will use connection to troubleshoot and upload logs first to monitor.qumulo.com then to S3 bucket

Log uploads, while not shown in the UI, can be initiated manually by a member of the Customer Success team. Logs & other pertinent diagnostic data are sent to a private Amazon EC2 instance for analysis by our support team.

Qumulo will notify customer to deactivate Remote Support once troubleshooting is complete

Customer disables remote support via the Web UI, CLI or API

Click image to enlarge

We highly recommend that you enable Cloud-Based Monitoring with Remote Support so that our team can proactively provide fast support when you need it the most. Reference the Qumulo's Cloud-Based Monitoring article for additional details.

RESOLUTION

You should now be able to successfully utilize Qumulo's Remote Support